On 18-Feb-2010; NetWitness has reported of new malware 'Kneber botnet';
its a variant of Zeus and mainly target stealing Credentials, Key-logging, etc.
... has affected more than 2500 organizations;
... currently no IPS/IDS have adequate signatures detecting it.
... it can also act with other malwares, fav noticed is Waledac (a P2P Trojan)
[] A try to check if Machine is infected by a Kneber (Zeus Variant), is
The registry key can be found by following this path, he said:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit
normally will have an entry like "C:\WINDOWS\system32\userinit.exe,"
ZeuS will add itself to the list, typically as 'ntos.'
But could always change its name; so if any un-relevant entries found here... may be machine is infected.
If any more entries found, or suspicion is there scan the file listed here.
[] Its suggested to patch all latest MS10-* and Adobe releases on all the machines;
and as always not open suspicious e-mails
[]NetWitness said that Kneber was primarily found on corporate and government computers, however home users are likely to attract the infestation as well.
[] more details @
*** http://www.netwitness.com/resources/pressreleases/feb182010.aspx ***
http://www.networkworld.com/news/2010/021810-kneber-botnet-faq.html?hpg1=bn
http://www.nytimes.com/2010/02/19/technology/19cyber.html?em
http://www.technewsworld.com/rsstory/69372.html
Thursday, February 18, 2010
Subscribe to:
Posts (Atom)